US capable of cracking most encryption used online: report

Source:Xinhua Published: 2013-9-7 8:10:50

The US National Security Agency (NSA) has developed the ability to crack encryption technologies widely used to protect Internet communications, using various methods including supercomputers, technical trickery and behind-the-scenes persuasion, The New York Times reported on Friday, citing documents leaked by former NSA contractor Edward Snowden.

The US intelligence agency has "circumvented or cracked much of the encryption" that guards global commerce and banking systems, protects sensitive data like trade secrets and medical records, and automatically secures the emails, Web searches, Internet chats and phone calls around the world, the report said.

The NSA has invested billions of dollars in a highly-classified program codenamed Bullrun since it lost a public battle in the 1990s to insert its own "back door" in all encryption, the report said, adding that the full extent of the NSA's decoding capabilities is known only to a limited group of top analysts from the so-called Five Eyes -- the NSA and its counterparts in Britain, Canada, Australia and New Zealand.

According to the newspaper, a 2010 Bullrun briefing document claimed that the agency had developed "groundbreaking capabilities " against encrypted Web chats and phone calls. And now the NSA has had some success in cracking widely-used online protocols such as HTTPS, Secure Sockets Layer (SSL) and virtual private networks ( VPN).

"For the past decade, the NSA has led an aggressive, multipronged effort to break widely-used Internet encryption technologies," said a 2010 memo about the NSA's accomplishments for employees of its British counterpart, the Government Communications Headquarters or GCHQ.

"Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable," the memo was cited as saying.

The NSA is also working with unnamed technology companies in the United States and abroad to establish "back doors" into their products, the newspaper noted, adding that in some cases companies were "coerced by the government into handing over their master encryption keys or building in a back door."

According to the report, the agency spends more than 250 million dollars a year on the so-called Sigint Enabling Project, which "actively engages the US and foreign IT industries to covertly influence and/or overtly leverage their commercial products' designs" to make them "exploitable."

The report suggested that Britain's intelligence agency GCHQ had developed "new access opportunities" into Google's systems by 2012, but Google said it had no evidence that its systems had been breached.

The NSA also used its influence as the world's most experienced code maker to covertly introduce weaknesses into the encryption standards followed by hardware and software developers around the world, said the report.

The newspaper claimed that intelligence officials had asked it not to publish this report, which they said might prompt foreign targets to switch to new forms of encryption or communications that would be harder to collect or read.

The paper said it removed some specific facts, but still decided to publish because of the value of a public debate about government actions that weaken the most powerful tools for protecting the privacy of Internet users.